from the go-schlaf$#@-yourselves dept

I don't get it, but the never-ending list of trademark disputes centered around alcohol just continues to grow. Previously we've seen universities going after small brewers over common sports terms, disputes over completely dissimilar labels, and depictions of zombie trademark lawyers doing what zombie trademark lawyers do: kill the living. But this one is a whole new level of egotistical crazy.

The Schlafly beer maker applied for the trademark on the use of the brand name in 2011; Phyllis Schlafly filed a notice of opposition with the U.S. Patent and Trademark Office in September 2012. Settlement talks have failed to produce a resolution, and neither side appears ready to back down...Phyllis Schlafly, who declined to be interviewed for this story, argues that the word Schlafly has no usage or meaning other than as a last name, and she lays claim to it.

“In connection with its usage as a surname, it has the connotation of conservative values, which to millions of Americans (such as Baptists and Mormons) means abstinence from alcohol,” her filing with the trademark office states. “An average consumer in Saint Louis and elsewhere would think ‘Schlafly’ is a surname associated with me, and thus the registration of this name as a trademark by Applicant should be denied.”

Got that? Phyllis Schlafly is well known, therefore everyone's going to look at a beer with her last name on it and immediately think of this smiling face.

See the absence of eyeballs? It's because she doesn't have a soul.

Now if it seems pretty ridiculous that a brewery that's been selling a beer under the name of one of its founders for over two decades suddenly has to face a trademark opposition on their brand from an elderly woman going all Mormon and Baptist on its ass, well, you're not wrong, but that isn't even the best part. No, the best part is this.

“The full federal trademark has nothing to do with our right to sell beer, and no one is contesting our right to do that,” Tom Schlafly said. “We sell the equivalent of 20 million bottles of beer a year, and we want to keep someone else from selling beer and calling it Schlafly."

Get it yet? Phyllis Schlafly is contesting the trademark application because she doesn't like her name being associated with a beer brand. However, denying the mark wouldn't keep Tom Schlafly from using the name on his beer labels; he just wouldn't be able to register a trademark for it. In other words, the entire ultimate goal driving this opposition won't be attained by the opposition. Way to go, Phyllis! Other Schlaflys have been coming out of the woodwork since: Andy Schlafly, Phyllis' son, and Bruce Schlafly, an orthopedic surgeon and also Phyllis' son, have come out in opposition to the mark.

Fortunately, the brewery is likely to win.

Yvette Liebesman, an assistant professor of law at St. Louis University who teaches intellectual property law, said Schlafly beer has a strong case because the company has used the name in commerce for so long.

“The very first time they started selling beer from the tap, that is when they got rights to the mark,” she said. “They certainly have been around long enough to acquire a secondary meaning.” To get the trademark, Schlafly beer must show its goods are not likely to be confused with goods sold by others, Liebesman said. Phyllis Schlafly “would have to prove that there’s a likelihood that people would confuse the two, and I think that’s going to be tough,” Liebesman said.

But, like, Phyllis Schlafly is going to be so upset! Oh well, I'll just drown my sorrows in some brew. One Schlafly, please!

That alone began getting some attention, and it appears that the Russian government followed it up by trying to play whac-a-mole with a variety of news sites, even taking down access to a radio station's website because it had posted a mirror of Navalny's blog.

The reason given for blocking the other media websites was that the "websites contain calls to illegal activity and participation in mass events that are conducted contrary to the established order." As for the blocking of Navalny's blog, which is updated by his wife, the government is claiming that since Navalny is under house arrest with orders not to communicate publicly, this blog violates that order, and therefore it's appropriate to censor it.

These excuses ring rather hollow for obvious reasons. And so far it certainly seems like this latest attempt at widespread censorship is, of course, calling a lot more attention to both the censorship attempt as well as what it was they're so eager to hide. In fact, Russians appear to be quickly routing around the censorship, because that's what you have to do in a country that regularly tries to censor what you can read.

from the urls-we-dig-up dept

Amateur fusion isn't quite a new fad. Online resources have been available since the early 2000s, and plenty of people have learned about or built a Farnsworth-Hirsch fusor for themselves. Philo T. Farnsworth (perhaps more famous for inventing TV) designed equipment that could fuse atoms together. Before anyone gets too excited, though, none of these designs look like they could ever produce any excess energy. It would be nice if fusion generators actually did exist, but we're probably not going to see any in the near future. In the meantime, playing with fusion reactors might inspire a really clever design, so here are a few links on DIY fusion.

from the indeed dept

Better late than never: it appears that Mark Zuckerberg is finally really pissed off about the NSA surveillance efforts. This comes in the wake of the recent reports that the NSA sought to build a malware empire by setting up a bogus Facebook server to intercept traffic and fool users. While there have been indications that Facebook hasn't been happy about all of this, Zuckerberg has taken to his Facebook page to really dig in, noting that he'd even called President Obama to express his thoughts on the matter.

I've called President Obama to express my frustration over the damage the government is creating for all of our future.

Also, and perhaps more importantly, he notes that the US government has become a threat to the internet:

This is why I've been so confused and frustrated by the repeated reports of the behavior of the US government. When our engineers work tirelessly to improve security, we imagine we're protecting you against criminals, not our own government.

The US government should be the champion for the internet, not a threat. They need to be much more transparent about what they're doing, or otherwise people will believe the worst.

Earlier this week we wrote about Google's Eric Schmidt directly claiming that the company was attacked by the NSA, and now Zuckerberg is publicly stating that the government has become a threat to the internet. From the very beginning of the Snowden revelations, we've been saying that the tech industry needed to speak out more vehemently about the kind of damage the NSA is doing to a huge part of our economy and the ability to innovate. It's taken some time but it's good to see these companies finally saying this stuff.

Of course, words alone may not do very much. Zuckerberg admits that reform may be a long time coming, but instead is focusing on how the tech industry can build better (read: more encrypted, more secure) systems to fight back against this "threat." Google recently announced that all of its searches are encrypted, but that's just a start. The tech industry has to move to a world where encryption is the norm, and not the exception any more. It may suck in the way that it sucked when homes and cars finally "required" locks, but at this point it's a necessity.

The concept, which Rep. C.A. Dutch Ruppersberger (D-Md.) said he is still refining, would require court review of numbers that the phone companies are asked to search against. But it would not call for a requirement that companies hold data longer than they do now…

Details would have to be worked out, but, he said, the idea would be to send suspect numbers, which a court has deemed to meet the standard, to all phone companies. They would search daily against this list and send back to the NSA any numbers that hit up against the list.

Ruppersberger's proposal (which he says has sprung out of "serious discussions" with Rep. Rogers) retains the RAS (Reasonable Articulable Suspicion) stipulation that currently governs the NSA's searches of the stored metadata, but it does loosen other restraints -- namely, that the searches be constrained to targets of "authorized investigations" and "agents of foreign powers."

If this sounds all too familiar, there's a reason for that.

Some analysts say that what Ruppersberger appears to be proposing looks very similar to existing authority under the “pen register” provision of the Foreign Intelligence Surveillance Act. That provision enables the government to order a phone company to send back in real-time “dialing” information, such as phone numbers, if the government can show the information sought would be “relevant to an ongoing investigation to protect against international terrorism” or espionage.

This pen register concept was thoroughly bastardized by FISC judge Colleen Kollar-Kotelly in 2004 to give the agency permission to use an open-ended (but targeted) surveillance technique as a way to grab every phone record from telcos in three-month chunks (granted in perpetuity by the FISA court).

But the pen register statute hasn't been written off the books. It still exists and is, in fact, still used occasionally by the NSA, which prompts the following question: why bother introducing new legislation and new guidelines? Why not just make the NSA adhere to the existing statute (albeit one not so thoroughly distended by a previous FISA court decision)?

“So the natural way to solve this problem is not by creating a new authority, but by taking the existing authority designed for exactly this purpose, and narrowing it so it can’t be again used for bulk collection,” said Julian Sanchez, a fellow at the CATO Institute and surveillance expert.

The problem with new laws is that they add to the number of exploitable tools the NSA can use. As noted above, this eliminates some of the limits governing the bulk records collection. While arguably better than the unlimited metadata harvesting the NSA has done for most of the last decade, the public would be better served by simply requiring the agency to follow existing pen register statutes, provided, of course, the FISA court restores the definition back to its original form.

It is good to see another legislator pushing the NSA back towards targeted surveillance, something it increasingly abandoned in the wake of the PATRIOT Act, especially one that has the misfortune of working closely with Rep. Mike Rogers.

from the i'm-sure-that-won't-be-abused-at-all... dept

Update: It appears that this story was misreported by a few sources, and the flames were fanned by UK government comments about censoring videos. YouTube has a program that lets trusted sources more easily flag videos that are then reviewed fairly quickly by YouTube staff. However, these videos still get reviewed to see if they violate any of YouTube's terms of service, rather than automatically pulled down. It's still concerning that the UK government seems to think that it should censor content that even they believe is not illegal, but it doesn't appear that YouTube is actually letting the UK government censor videos.

A few years ago, then-Senator Joe Lieberman went on a bizarre anti-free speech crusade against YouTube, arguing that by allowing "terrorists" to post videos to YouTube, people were watching those videos and magically turning into terrorists. Because YouTube videos are just that powerful. Given the public shaming, Google actually caved in and started banning "terrorist" videos. Of course, how do you define a "terrorist" video? The fact is we just don't know, and that's evidenced by the fact that Lieberman's efforts resulted in videos from a Syrian watchdog organization being taken down as terrorism -- when they were really reporting on the atrocities of that country's government. If anything, you'd think this would be a clear warning about the perils of trying to censor "terrorist" videos. You're going to get it wrong, and often block important and newsworthy videos.

But... instead it appears that this effort is only ramping up, and unfortunately, YouTube seems to be helping. Over in the UK, where the government has been gradually censoring more and more of the internet over the past few years, Google has apparently agreed to give the UK government broad powers to "flag" videos they argue are bad, even if they're not illegal. Ostensibly, the goal is to block videos that "proliferate jihadi material."

The YouTube permissions that Google has given the Home Office in recent weeks include the power to flag swaths of content “at scale” instead of only picking out individual videos.

They are in part a response to a blitz from UK security authorities to persuade internet service providers, search engines and social media sites to censor more of their own content for extremist material even if it does not always break existing laws.

And the UK government even admits that the videos that will be taken down are not illegal:

The UK’s security and immigration minister, James Brokenshire, said that the British government has to do more to deal with some material “that may not be illegal, but certainly is unsavoury and may not be the sort of material that people would want to see or receive”.

Of course, that kind of statement shows the program is wide open to abuse. The sort of material people would not want to see or receive? Well, then they just don't watch it. Besides, who gets to decide what people would not want to see? Because there's lots of important content that a government might not want its citizens to see, but which is kind of important to a functioning democracy and open society.

While I'm sure the pressure from the government here was quite strong, it's upsetting to see Google cave in to these kinds of requests. Giving the UK government a giant "censor this video" button seems like exactly the wrong approach.

from the journalism! dept

Earlier this week, we pointed out that many in the press had fallen for CIA Director John Brennan's "non-denial denial" over Senator Dianne Feinstein's accusations that the CIA had improperly searched the network of Senate Intelligence Committee staffers who were researching the CIA's torture program. Even more incredibly, later that same day, Brennan released the letter he had written Feinstein back in January, which actually confirms basically everything she said.

John Brennan, who has been CIA director for a year, quickly denied Feinstein's accusation on Tuesday.

He did no such thing. He denied that the CIA had "hacked" the Senate staffers, which is not what Feinstein had said at all. In fact, she explicitly stated that the CIA did not hack anyone. Instead, she said that they had improperly searched the computers, which is exactly what Brennan admitted to her in his letter, which he then released to the public.

Here's the crux of Feinstein's accusation:

Shortly thereafter, on January 15, 2014, CIA Director Brennan requested an emergency meeting to inform me and Vice Chairman Chambliss that without prior notification or approval, CIA personnel had conducted a "search"—that was John Brennan's word—of the committee computers at the offsite facility. This search involved not only a search of documents provided to the committee by the CIA, but also a search of the "stand alone" and "walled-off" committee network drive containing the committee's own internal work product and communications.

According to Brennan, the computer search was conducted in response to indications that some members of the committee staff might already have had access to the Internal Panetta Review. The CIA did not ask the committee or its staff if the committee had access to the Internal Review, or how we obtained it.

Instead, the CIA just went and searched the committee's computers. The CIA has still not asked the committee any questions about how the committee acquired the Panetta Review. In place of asking any questions, the CIA's unauthorized search of the committee computers was followed by an allegation—which we have now seen repeated anonymously in the press—that the committee staff had somehow obtained the document through unauthorized or criminal means, perhaps to include hacking into the CIA's computer network.

And here's Brennan admitting exactly that:

Because we were concerned that there may be a breach or vulnerability in the system for housing highly classified documents, CIA conducted a limited review to determine whether these files were located on the SSCI side of the CIA network and reviewed audit data to determine whether anyone had accessed the files, which would have been unauthorized.

Is it really too much to ask the press to accurately report what Feinstein and Brennan said?

from the congressional-oversight! dept

Since the Senate spying scandal story came out last week, and then went into overdrive this week with Dianne Feinstein's public statement on the details, her counterpart in the House, Rep. Mike Rogers (a staunch defender of the intelligence community) had remained mostly quiet. He finally did an interview in which he actually admits that if the CIA broke the law, "that would be a pretty horrific situation and would destroy that legislative-CIA relationship." Relationship? Then there's this nugget, where he suggests that the CIA isn't out of control and Congressional oversight is working great:

"We shouldn't taint the whole agency. The agency is well-overseen, lots of oversight, and they're doing some really incredible work to protect the United States of America."

Well-overseen? Lots of oversight? Right. So, soon after he does this interview, McClatchy releases a story about how the CIA (with support from the White House) has been withholding thousands of documents from the Senate Intelligence Committee, which is investigating the CIA's torture program. This is in relation to the report that created this scandal, the supposedly scathing report that condemns the CIA for going even further in torturing people than previously reported and revealing that the torture produced no useful intelligence. And that's without knowing what's in these other documents.

The White House has been withholding for five years more than 9,000 top-secret documents sought by the Senate Select Committee on Intelligence for its investigation into the now-defunct CIA detention and interrogation program, even though President Barack Obama hasn't exercised a claim of executive privilege.

In contrast to public assertions that it supports the committee's work, the White House has ignored or rejected offers in multiple meetings and in letters to find ways for the committee to review the records, a McClatchy investigation has found.

How's that "oversight" looking now? When the CIA can just hang onto the really embarrassing stuff just because it wants to, you no longer have "oversight." You have an agency that is free to cover up whatever it would like.

from the that's-not-copyrightable dept

Late last week, the 9th Circuit appeals court asked the various parties to file briefs on whether or not it should reconsider Google's motion for a stay on Judge Alex Kozinski's horrific ruling that an actress, Cindy Lee Garcia, who appeared in approximately 5 seconds of the infamous 13-minute "trailer" of "Innocence of Muslims" had a copyright interest in her performance and could legitimately demand Google remove all copies of the film. Despite the extremely controversial ruling, and the First Amendment implications associated with it, Kozinski almost immediately rejected the motion. However, another judge in the 9th Circuit took it upon him or herself to ask the court to reconsider the question "en banc" (usually meaning all the judges, but in the 9th Circuit, it's a panel of 11). On Wednesday, both sides filed their motions, limited solely to the question of whether or not the court should reconsider the motion for a stay -- but they certainly hint at the arguments that are going to play out as this case goes forward.

While this lawsuit was pending, Garcia also was pursuing her copyright on another front. On September 25, 2012, she filed an application with the U.S. Copyright Office in order to comply with 17 U.S.C. § 411(a), which requires such an application as a prerequisite to any copyright infringement suit. On December 18, 2012, however, the Copyright Office wrote to Garcia’s lawyer and informed her that, barring further information from Garcia, Garcia was not entitled to register a copyright.... “For copyright registration purposes, a motion picture is a single integrated work,” it wrote. “Assuming Ms. Garcia’s contribution was limited to her acting performance, we cannot register her performance apart from the motion picture.” ... The Copyright Office informed Garcia’s lawyer that unless she could provide further information about Garcia’s role, her application would be rejected.... Garcia responded by asking the Copyright Office to delay its adjudication of her application until after the panel ruled in this case....

On March 6, 2014, the Copyright Office issued a letter rejecting Garcia’s application.... It explained that “the U.S. Copyright Office * * * views dramatic performances in motion pictures to be only part of the integrated work—the motion picture” and that the Office’s “longstanding practices do not allow a copyright claim by an individual actor or actress in his or her performance contained within a motion picture.”.... The Office also explained why it was inappropriate for it to delay its ruling during the pendency of this case. Citing 17 U.S.C. § 411(a), it wrote that “Congress expressly envisioned that registration decisions by the Register of Copyrights would precede adjudication in the courts” so that the courts have the benefit of the Copyright Office’s decision and so that the Office can intervene to defend that decision.... When applicants institute lawsuits prior to the Copyright Office’s decision, it explained, “the Register’s statutory right to intervene in an action instituted pursuant to a refusal to register is nullified.”

While I often disagree with the Copyright Office on things, nearly everyone should at least agree that it tends to lean towards a more copyright maximalist point of view, happy to allow copyrights on nearly everything. For even it to reject the copyright here, and do so forcefully, suggests that Judge Kozinski's ruling is way out of line -- and, at the very least, deserves a more thorough rehearing.

Google goes on to explain why, even without this, the original order should be put on the shelf while the court reconsiders, again making a very compelling argument that Garcia has no copyright interest and no case. I won't rehash the arguments here, but they're worth reading. At the very least, it's difficult to see how anyone (even those who agreed with the original order) can't see how the ruling is controversial, raises serious issues, and deserves to be stayed until the court can make sure this is the result it thinks is appropriate.

Garcia's brief, on the other hand, dispenses with careful legal logic, and plays heavily on emotion -- reprinting some of the "death threats" Garcia received for her appearance in the video. While these were, no doubt, distressing to Garcia, they are unrelated to the actual copyright question at play here, and seem designed solely to lead to an emotional reaction, like the one it appears Judge Kozinski had. Even when the filing does delve into making actual legal arguments, they seem questionable. For example, Garcia's lawyer dismisses the idea that appearing in only 5 seconds of the film has any bearing on the copyright question, and even quotes Judge Learned Hand saying: "no plagiarist can excuse the wrong by showing how much of his work he did not pirate." But that's both misleading and not applicable here. This is not an issue of plagiarism. It's a question of copyright infringement, and de minimis use and fair use (where the amount of the work plays a key role) are well established. To pretend that these issues are meaningless is to ignore some rather basic copyright law (though, so is claiming that an actress has a copyright interest in a movie).

Reading through the two motions you get a sense of two very different levels of expertise concerning copyright law. On top of that, a third filing, from lawyer Andrew Bridges representing a bunch of internet companies, including Automattic, Twitter, Facebook, Pinterest and IAC (and indicating more may soon sign on), suggests that a large part of the internet ecosystem is about to weigh in on why Kozinski's ruling is absolutely insane as well. Hopefully, the court at least recognizes that it should rehear the question of whether or not a stay should be granted on the original prior restraint order.

You feed it all your movies and music on disc: CDs, DVDs and Blu-ray discs. The Cinema One copies each disc to its 4-terabyte hard drive. 25 minutes for a DVD; two hours for a Blu-ray.

And I mean it copies everything. Every deleted scene, director’s commentary, alternate ending. Every DVD extra. And it doesn’t touch the video — there’s no compression or anything; it copies every pixel of quality that’s on the disc.

Once these movies are stored on the drive, you can call them up instantly using the remote or the iPad app.

When you hit Play on the remote, the movie begins playing instantly.

Read that again. The movie begins playing. Not the FBI warning, not the MPAA screen, not the previews, not the DVD menu — the movie itself. You cannot imagine how delightful that is compared with what we’re used to now: Downloading or streaming movies is handy, but you don’t get anything like the quality of Blu-ray, and you generally don’t get any of the bonus features. And discs give you the quality and the extras but require you to sit there staring at stupid FBI and MPAA screens that you’re not allowed to skip. The Kaleidescape box offers the best of both worlds.

This convenience of not being told you're a thief by your purchased product comes at a price. One is the retail price, which is an astounding $4,000. The other is a tax (of sorts) borne out of Hollywood's stupidity and paranoia.

When you want to play a Blu-ray movie off the Cinema One, you have to hunt down the original disc you own, insert it into the Cinema One’s slot, and wait for it to load. You’re not playing the disc; you’re just confirming that you own it.

But you’re also losing 80 percent of the value of having a Cinema One! What happened to “any movie in your collection, instantly”?

That's Hollywood crippling a device to ensure the $4,000 product never lives up to its potential. This is what happens when execs see nothing in the technology but a new way to pirate movies. Instead of a seamless, instant experience, you're back in the position of hunting for the purchased discs you already "conveniently" stored on the hard drive. For whatever reason, you don't have to do this with regular DVDs. (Presumably because that market isn't where the money is anymore, although at one time, that ridiculous stipulation was forced on Kaleidescape by Hollywood lawyers -- and that's when the box ran about $10,000.)

You can also purchase movies through Kaleidescape, but at this point, the selection is woefully limited. For only $2, you can purchase what amounts to a digital license to play your purchased Blu-rays without having to load the original disc, but even that is hampered by a lack of upstream licensing.

That’d be a reasonably priced solution if it were available for any Blu-ray movie you own. But it’s not. In fact, it’s available for relatively few movies: only those from Lionsgate and Warner Bros. Kaleidescape says it’s working on reaching similar deals with other movie companies, but for now, it’s only a fractional solution.

So, the studios are more than happy to cripple the device, but not so interested in providing affordable licensing of their productions. Hollywood has certainly had time to work these details out. It's been fighting Kaleidescape since 2004, tenaciously combating every technological advance the company made. Along the way, it forced the company to require the insertion of every disc before playing (including regular DVDs) and dragged it to court on multiple occasions to claim its "circumvention" of disc-based copyright protection was infringement (even if people were "burning" movies they owned to the drive).

Now, Hollywood has been forced to accept this device, nearly a decade since it first began its attack. The number of licensed movies available for download barely clears 2,000 titles. There may be more to come, but it seems unlikely to be fully embraced by the same studios who spent 10 years fighting it. And who's to say that any licenses obtained won't be rescinded in the future, punching holes in your digital collection and putting you back in the position of hunting down Blu-ray discs you stashed away after burning them to Kaleidescape's drive? It's not as though that sort of "you don't really own your digital purchases" bullshit has never occurred before.

As Pogue points out, the studios' tampering makes this product almost completely useless.

But that copy-protection business is going to kill a lot of potential sales. It’s like having a TiVo that can’t record anything on a timer, or hiring a tax preparer who hands you the blank 1040 form and a pen. It just defeats the purpose.

That's copyright protection for you. All the promise in the world negated by fearful Hollywood execs who see pirates hiding under every new technological advance.

from the which-one-is-more-of-a-threat dept

There have been plenty of efforts by defenders of the intelligence community (including the Department of Justice) to publicly destroy the reputations of various whistleblowers, from Thomas Drake to John Kiriakou to Chelsea Manning to Ed Snowden. All of them were whistleblowers, with most leaking important information to the press. Yet they were all charged as spies under the Espionage Act, and the intelligence community and its defenders went out of their way to claim that they were the equivalent of the worst spies around, putting national security in danger, and often questioning if they were really working for foreign powers. Yet, as (former FBI agent, now defender of civil liberties) Mike German points out, it's odd how the very same people seem noticeably quiet concerning actual spies who handed sensitive information directly into the hands of adversarial governments.

So how come most people have never heard of Jeff Delisle? He is, after all, an admitted Russian spy who compromised US signals intelligence for almost five years before his arrest in 2012 and whose dismissal from the Canadian military was revealed in court last week.

Don’t blame Canada; American officials have been strangely silent on the matter. As part of his duties as an analyst assigned to an “intelligence fusion centre”, Delisle had access to a top-secret US Defense Intelligence Agency database – part of the intelligence-sharing arrangement among the so-called “Five Eyes”, the US, Canada, Britain, Australia and New Zealand. He volunteered his services to Russian intelligence as an embassy walk-in, then used thumb drives to steal classified material that he disseminated to his spymasters through a shared email account. He was prosecuted in Canada, and sentenced to 20 years in prison – 15 fewer than Manning received.

As German notes, Delisle isn't a one-off situation either.

Delisle isn’t the only spy you never heard of. Defense Intelligence Agency analyst Ana Montes spied for Cuba for 17 years before her 2001 arrest. Former US Marine Leandro Aragoncillo spied on behalf of the Philippines for five years while serving as an aide to Vice President Cheney and then an FBI analyst, before his 2005 arrest.

But we don't really hear about those folks. And, as German points out, they actually caused a lot more damage. And that leads one to the inevitable conclusion. The anger about Snowden and the others has little to do with national security. It's much more about the uncomfortable reality that these whistleblowers are shining a very bright spotlight on questionable policies that were approved of and supported by these politicians:

If the US government’s crusade against Snowden reflected a genuine concern about leaks that do serious harm to our nation’s security – rather than a public relations response to disclosures about controversial surveillance activities – one would expect to hear the names Delisle, Montes and Aragoncillo brought into the discussion as well. And often.

When spies reveal information to foreign powers, however, there are no angry tirades in Congress – no vote-grabbing tactics – that might draw public attention to this counter-intelligence failure. The silence helps them avoid uncomfortable questions about whether such broad information-sharing was really in our national security interests, or whether our intelligence agencies were negligent.

I think to some extent it goes further. Defenders of the intelligence community understand spies who sell out to other countries. It's part of the espionage game. Whistleblowers, however, they don't understand at all. It makes them uncomfortable in a very different sense. They're used to keeping secrets. The idea of "going public" with something goes against basically their entire life's work. And, even worse, whistleblowers reflect directly back on them in a way that spies selling out to other countries don't. Spies who give information to foreign governments aren't making any kind of comment on those who didn't do that. Whistleblowers, on the other hand, are by default highlighting exactly what the rest of the intelligence community has been doing and the fact that no one else was willing to step up and call out obvious wrongs.

And that's why they freak out so badly when true whistleblowers come along and treat them worse than actual spies and double agents.

from the infectious-ideas dept

One of the most shocking of Snowden's revelations was that the NSA and GCHQ are deliberately weakening the Internet's security -- either by undermining standards, or by using zero-day vulnerabilities to break into systems. More recent news about the huge scale of attempts to infect computers with malware only compounds that outrage. It's hard to convey to ordinary Internet users the seriousness of what the NSA and GCHQ have done here, but in a brilliant new column in the Guardian, it looks like Cory Doctorow has done just that:

I think there's a good case to be made for security as an exercise in public health. It sounds weird at first, but the parallels are fascinating and deep and instructive.

Here's the basic insight:

If you discovered that your government was hoarding information about water-borne parasites instead of trying to eradicate them; if you discovered that they were more interested in weaponising typhus than they were in curing it, you would demand that your government treat your water-supply with the gravitas and seriousness that it is due.

Because that is precisely what the spying agencies are doing: they are intentionally withholding vital information about threats to your digital health -- the fact that programs you use are vulnerable to infections with malware, or that key security technologies you depend upon have backdoors -- regardless of the serious consequences this might have for you. If you try to imagine doctors doing the same in the case of equivalent threats to your health, you begin to get an idea of the depth of betrayal felt by computer professionals here. Doctorow goes on to point out that this is not just a matter of personal harm; the NSA and GCHQ are degrading the basic digital infrastructure of modern life:

This is the most alarming part of the Snowden revelations: not just that spies are spying on all of us -- that they are actively sabotaging all of our technical infrastructure to ensure that they can continue to spy on us.

There is no way to weaken security in a way that makes it possible to spy on "bad guys" without making all of us vulnerable to bad guys, too. The goal of national security is totally incompatible with the tactic of weakening the nation's information security.

"Virus" has been a term of art in the security world for decades, and with good reason. It's a term that resonates with people, even people with only a cursory grasp of technology. As we strive to make the public and our elected representatives understand what's at stake, let's expand that pathogen/epidemiology metaphor. We'd never allow MI5 to suppress information on curing typhus so they could attack terrorists by infecting them with it. We need to stop allowing the NSA and GCHQ to suppress information on fixing bugs in our computers, phones, cars, houses, planes, and bodies.

Doctorow is right on both counts: we can't allow the NSA and GCHQ to withhold vital information that endangers the digital fabric of society, and the way to stop them is to use this public health metaphor to get that message across to politicians and the general public.

from the long-overdue dept

For fifteen years now I've watched as phone and cable duopolies lobby to pass draft legislation designed to keep broadband uncompetitive. Specifically, in more than a dozen states these protectionist measures either hinder or outright ban a town or city's ability to wire itself for broadband (either alone or with a private industry partner) -- even in cases where nobody else will. If the laws don't ban such efforts outright, they force anyone looking to build a broadband network to jump through layers upon layers of bureaucratic hoops, during which the regional duopolies with limitless budgets harass the efforts with lawsuits and negative publicity campaigns (I've seen ISPs hire push pollsters to tell locals that a government-built network would ban their religious programming).

The worst part of these bills is that at their base they're simply duopolists buying laws that keep towns and cities from making regional infrastructure decisions for themselves, whether that's building their own core fiber network or developing a public/private network build partnership. Carriers get to have their cake and eat it too; they're not going to build you better broadband networks, but they're not going to let anybody else do it, either. Some of these projects work, some don't (it depends on the specific business model), but if the country is actually serious about improving broadband competition, these miserable bills are the very first thing that need a long, hard look.

For many years these bills were quickly passed without much debate, public scrutiny and absolutely no tech-press attention. All too often, when they were noticed, they were defended using traditional partisan tropes. Locals simply trying to get connected by any means necessary are usually vilified and portrayed as supporting "government meddling with industry." It's a shame, given that, like so many technical issues, there should be nothing partisan about protecting your local rights. Fortunately, with Google Fiber's entry into the market I've seen a renewed flurry of attention on these bills, in large part because several would have impacted Google Fiber's expansion, and Google Fiber, as I've noted, appears to have captured the imagination of the public.

In Kansas, for example, cable operators recently ran into a bit of a chainsaw when they attempted to ban towns and cities in the state from running their own fiber or working with partners like Google Fiber (operating in Kansas City). SB304 claimed to allow such efforts if they targeted unserved customers, but then sneakily defined unserved as someone unable to even get satellite or a cellular dial tone, ensuring that nobody would get that designation (a pretty common trick to make the bills seem more reasonable). In Utah, SB190, one such bill pushed in part by regional incumbent CenturyLink, also won't be surviving this year thanks in part to the new attention Google Fiber (who purchased a network in Provo) has brought to the issue.

A few years ago, these bills would have flown through state legislatures with nary a mention. Not only are new bills starting to fail more regularly under heightened public awareness, I'm starting to see -- for the first time in my many years covering the industry -- pushes to roll back some of these ridiculous protectionist measures. In Tennessee, for example, there are four different bills in process that would roll back such incumbent-friendly bills, and they're coming from both sides of the political aisle. Jon Brodkin at Ars Technica, who has been doing an absolutely fantastic job lately making these important issues interesting for readers, notes how local ISPs quickly complained about the sea change:

"We are particularly concerned about four bills that have been introduced this session," Tennessee Telecommunications Associations chief Levoy Knowles said in an announcement. The TTA claimed to be presenting "concerns of rural consumers" but are more worried about the potential of losing customers. "These bills would allow municipalities to expand beyond their current footprint and offer broadband in our service areas. If this were to happen, municipalities could cherry-pick our more populated areas, leaving the more remote, rural consumers to bear the high cost of delivering broadband to these less populated regions," Knowles said.

Yes, god forbid you'd have to face a new competitor and adjust your business model accordingly; you might even have to work with a local government to determine what works best in each region! Meanwhile, Google Fiber's recent announcement to help 34 cities in nine regional markets examine local fiber needs should bring greater attention to the issue. Google intentionally targeted regions like North and South Carolina, where regional incumbent Time Warner Cable passed protectionist bills a few years ago (on their fourth try). It only took fifteen years, but we're only just starting to see people realize that perhaps letting your regional duopolists write laws dictating what you can and can't do for your own community might not be the best idea.

from the we-have-all-the-data,-now-we-have-all-the-time dept

A house set against itself cannot stand gets a win no matter who's dealing the cards. As was noted earlier, the NSA's metadata is currently integral to a series of lawsuits against the government. This fact prompted the DOJ to ask the FISA court to bend the minimization rules and extend the holding period from five years to "whenever."

This was shot down by FISC judge Reggie Walton, who pointed out that the government's argument was faulty on multiple levels. First of all, changing the stipulations of the minimization procedures put the entire metadata collection on shaky constitutional ground, seeing as it's almost entirely composed of data on American citizens not currently the subject of NSA investigations. Secondly, the DOJ cited evidence preservation statutes that applied solely to private corporations, something that clearly doesn't transfer directly to a government database composed of US citizens' "business records."

On March 10th, a contradictory decision was handed down by US District Court judge Jeffrey Wright, who declared the NSA was required to hold onto metadata relevant to ongoing lawsuits. This set up an interesting situation for the NSA, which would now have to decide whether it would rather have data with no expiration date or destroyed data that would never possibly appear in court.

The NSA has now shown its hand. In a motion filed Wednesday, the agency asked the FISA court to reverse its decision on destroying the held metadata. The filing refers to the temporary restraining order entered by Judge Jeffrey Wright which stipulates that the agency must hold onto the data until the cases are resolved. The NSA notes that it now is subject to two contradictory notices and is asking the FISA court to honor the other court's decision.

I'm not exactly sure how the FISA court will respond to this. Walton made it pretty clear that he felt the government's arguments were weak and jeopardized the minimal privacy protections surrounding the bulk records collections. Not only that, but presumably the FISA court's authority supersedes a district court, considering it is the entity charged with directly supervising the collection and handling of the NSA's bulk collections.

Well, no sooner had the ink dried on this post than FISC judge Reggie Walton delivered an opinion agreeing with the District Court's order and will allow the NSA to retain the metadata associated with the two cases listed in Judge Jeffrey Wright's order. Walton's decision to reverse the FISC's opinion hinges on these two specific cases, Jewel v. NSA and First Unitarian Church v. NSA. As he notes, the DOJ's request to hold the data was based on common law rules normally applied to retention of corporate data in civil cases, something entirely unrelated to bulk surveillance metadata. Additionally, he points out that none of the plaintiffs in the cases the DOJ listed had requested the data be retained.

The Court concluded that any interests the civil plaintiffs might assert in preserving all of the BR metadata was "unsubstantiated" on that record. The Court further observed that no District Court or Circuit Court of Appeals has entered a preservation order applicable to the BR metadata in question in any of the civil matters cited in the motion. Further, there is no indication that any of the plaintiffs have sought discovery of this information or made any effort to have it preserved, despite it being a matter of public record that BR metadata is routinely destroyed after five years.

Beyond the legal issues is the NSA itself, which probably doesn't mind being able to hold onto metadata indefinitely. (Of course, the FISC court limits this metadata to these two specific cases where the plaintiffs have requested the data be held. There are a lot of plaintiffs in one of those cases [First Unitarian Church v. NSA], meaning a whole lot of records will be maintained.) There's always the concern that this evidence will need to be presented in court, but if the past is any indicator, the admission of these records will be fought vigorously by the agency. As for the data the DOJ requested to be held? It will simply vanish into the ether upon expiration, keeping it out of the public eye forever.

access to a large library of 0-day and 1-Day Exploits for popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader and many more.

Here's how it applies those exploits, as described by Privacy International:

By using the FinFly Exploit Portal, governments can deliver sophisticated intrusion technology, such as FinSpy, onto a target's computer. While it's been previously advertised that Gamma use fake software updates from some of the world's leading technology companies to deliver FinSpy onto a target's computer, the exploit portal puts even more power in the hands of government by offering more choices for deployment. Astonishingly, FinFly Exploit Portal guarantees users four viable exploits for some of the most-used software products in the world, such as Microsoft's Internet Explorer and Adobe's Acrobat programme.

Sadly, Gamma is not a one-off in this respect. Another company offering exploits to government agencies for the purpose of breaking into systems -- that is, offensive rather than defensive actions -- is Vupen Security. As its Web site explains:

As the leading source of advanced vulnerability research, VUPEN provides government-grade zero-day exploits specifically designed for law enforcement agencies and the intelligence community to help them achieve their offensive cyber missions and network operations using extremely sophisticated and exclusive zero-day codes created by VUPEN Vulnerability Research Team (VRT).

While other companies in the offensive cyber security field mainly act as brokers (buy vulnerabilities from third-party researchers and then sell them to customers), VUPEN's vulnerability intelligence and codes result exclusively from in-house research efforts conducted by our team of world-class researchers.

Privacy International comments:

Exploits are supremely valuable to security researchers, law enforcement agencies, governments in general, and surveillance companies. They have completely legitimate purposes and the research related to their development, especially vulnerability research, should be encouraged.

However, the possibility for abuse has led to increasing calls for some kind of regulation into the industry that goes beyond mere self-regulation by the industry itself. These are difficult policy decisions; the factors and issues to be weighed are complex and challenging. It is indeed difficult to envisage a realistic form of regulation that can achieve the right balance. Privacy International firmly believes that export controls on exploits at the moment are not an appropriate response.

We know from Snowden's leaks that the NSA uses zero-day exploits to compromise computer systems used by foreign governments. That probably means that the US would be unwilling to introduce any constraints on their use (even nominal ones), as will other governments around the world that are doubtless turning to malware as a way of spying on targets in the same way.

The only way to blunt those attacks is for members of the software community to find, publish and patch vulnerabilities, as fast as they can. That's yet another compelling reason for using free software: even if open source is just as likely to have flaws as closed-source programs (and opinions will differ on that score), it's inarguable that they are easier to find and fix since the barriers to doing so are much lower.